RDP

IT Services Circle

May 15, 2025 · Information Security

Critical RDP Vulnerability Allows Persistent Access with Revoked Microsoft/Azure Passwords

A newly disclosed critical vulnerability in Windows Remote Desktop Protocol (RDP) lets attackers bypass cloud authentication and maintain permanent access using revoked Microsoft or Azure account passwords, even after password changes, while Microsoft treats the issue as a design decision rather than a bug.